One request that come up from time to time, is to provide a way in Debian Edu to limit who can log into ssh, either for the main server or from outside the school.
One way to do this is to create a new group (say 'sshusers') and list it in /etc/ssh/sshd_config like this: AllowGroups sshusers This way only members of the sshusers group will be allowed to ssh into the machine with such setup. An alternative is to switch the logic around, and create a new group (say 'nosshlogin') and update /etc/ssh/sshd_config like this: DenyGroups nosshlogin This will block members of the group from login in via ssh. One challenge is that LTSP uses SSH to log in users when using LDM, so if ssh login on the LTSP server is blocked like this, the user will not be able to log in on LTSP clients either. One way around that might be to allow everyone on the school network to log in, but only members of a group (say 'remotesshlogin') access via ssh from outside the school. What do the rest of you think about such idea? Something for the version after Jessie? Perhaps something to document in the manual for Jessie? If so, which recipe should we recommend? -- Happy hacking Petter Reinholdtsen -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
